Reporting outdated/unmaintained projects on PyPI?

As a semi-related question, is there a documented process for deprecating (or reporting) outdated and unmaintained projects? A user recently opened a new topic regarding a package on PyPI being unmaintained, and I was unable to easily locate additional information on the subject.

Edit: Apologies if this is not directly related to the PyPA governance model. My two comments and Paul Moore’s response could be moved into a separate topic if needed.

The details are in PEP 541 which is linked from the bottom of the PyPI pages (conceded, the text of the link isn’t particularly obvious as to what it’s about):

So yes, there is a documented process. But the discoverability of that process obviously isn’t good enough, so maybe an issue or a PR against would be useful. But the question is interesting, because it illustrates the tension between “the PyPA” and the individual projects - managing project ownership is a PyPI administrative process and so questions/issues with it should properly be handled by the PyPI project (Warehouse). But arguably the PyPA has a role as “the visible face of Python packaging” to help people find the right way to ask such questions. That role isn’t really formally defined at the moment, though (and it’s not at all clear to me how it fits with the idea of the PyPA as a loose confederation of packaging projects).

Ah, thanks for the clarification. I was somewhat aware of there being a name retention process, but I was not aware that it also covered the deprecation/removal process of unmaintained projects. My understanding was that it primarily applied to name reservation/ownership, e.g. when a new project wants to use the name of an unmaintained project. The abstract of PEP 541 seems to imply this as well:

This PEP proposes an extension to the Terms of Use [1] of the Package Index [2], clarifying expectations of package owners regarding ownership of a package name on the Package Index, specifically with regards to conflict resolution.

Also in general, the PEP seems to be highly targeted at name reassignment, and does not clearly detail how users are supposed to flag a package as being abandoned/unmaintained.

What answered my earlier question on the process of removing an abandoned project was the following:

Projects are never removed from the Package Index solely on the basis of abandonment. Artifacts uploaded to the Package Index hold inherent historical value.

While I can understand not removing the packages, it seems odd to me that packages which meet the criteria of being abandoned are not at least publicly labeled as such. Doing so could prevent confusion and frustration from users attempting to utilize the package, and also help to attract new maintainers who wish to revitalize the package.

Hmm, I’m not certain as to where this should be defined, but it certainly should be. The roles of PyPA in relation to PyPI/Warehouse are not overly clear to me. I was previously under the impression that the Warehouse repository was primarily used for name reassignment requests from package authors and technical issues with Warehouse itself.

From an outside perspective (as someone in the development community but outside of the packaging community), it also isn’t entirely clear to me how users are expected to interface with PyPI. Are they expected to directly open an issue within Alternatively, can they simply open a new topic on Discuss in this packaging category and allow those who are familiar with the packaging processes to help sort it out?

Apologies if this discussion is somewhat unrelated to the PyPA governance model, but it does seem to be somewhat relevant with regards to defining the exact role of PyPA.

Well, yes.

Everything from feature requests to PEP 541 requests is on the tracker. Anything that’s not an immediate security concern as per the security policy goes there. w.r.t. flagging packages, that’s a feature request that’s a part of

Also yes. I don’t think anyone minds it but they’ll likely get a quicker response on the issue tracker.
